Vulnerability CVE-2017-12676


Published: 2017-08-07   Modified: 2017-08-10

Description:
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.

Vendor: Imagemagick
Product: Imagemagick 
Version: 7.0.6-3;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.securityfocus.com/bid/100225
https://github.com/ImageMagick/ImageMagick/issues/618

Related CVE
CVE-2017-15281
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised v...
CVE-2017-15277
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process ...
CVE-2017-15218
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
CVE-2017-15217
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVE-2017-15032
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVE-2017-15033
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
CVE-2017-15015
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
CVE-2017-15016
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.

Copyright 2017, cxsecurity.com

 

Back to Top